harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepan Mishura (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (HARMONY-5054) [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped InputStream has lots of bytes
Date Thu, 15 Nov 2007 05:49:43 GMT

     [ https://issues.apache.org/jira/browse/HARMONY-5054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stepan Mishura resolved HARMONY-5054.
-------------------------------------

    Resolution: Fixed

Thanks for the report Spark!
The fix and the regression test for the second issue was committed to SECURITY module at r595216.
Please check that the fix works for you.


> [classlib][security] ASN.1: BerInputStream will incorrectly resize buffer when the enveloped
InputStream has lots of bytes
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HARMONY-5054
>                 URL: https://issues.apache.org/jira/browse/HARMONY-5054
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>            Reporter: spark shen
>            Assignee: Stepan Mishura
>
> I was writing scenario test for ldap service provider, and trying to extract schema information
from an Openldap server. The response message is quite long - longer than the initial buffer
size of BerInputStream. 
> While decoding the reponse, I got the following exception:
> org.apache.harmony.security.asn1.ASN1Exception: Unexpected end of encoding
> 	at org.apache.harmony.security.asn1.BerInputStream.readContent(BerInputStream.java:915)
> 	at org.apache.harmony.security.asn1.BerInputStream.readOctetString(BerInputStream.java:545)
> 	at org.apache.harmony.security.asn1.DerInputStream.readOctetString(DerInputStream.java:113)
> 	at org.apache.harmony.security.asn1.ASN1OctetString.decode(ASN1OctetString.java:70)
> 	at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSetOf(BerInputStream.java:737)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSetOf(DerInputStream.java:139)
> 	at org.apache.harmony.security.asn1.ASN1SetOf.decode(ASN1SetOf.java:49)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.BerInputStream.decodeValueCollection(BerInputStream.java:760)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequenceOf(BerInputStream.java:75)
> 	at org.apache.harmony.security.asn1.ASN1SequenceOf.decode(ASN1SequenceOf.java:50)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.ASN1Implicit.decode(ASN1Implicit.java:141)
> 	at org.apache.harmony.security.asn1.ASN1Choice.decode(ASN1Choice.java:321)
> 	at org.apache.harmony.jndi.provider.ldap.asn1.ASN1ChoiceWrap.decode(ASN1ChoiceWrap.java:78)
> 	at org.apache.harmony.security.asn1.BerInputStream.readSequence(BerInputStream.java:669)
> 	at org.apache.harmony.security.asn1.DerInputStream.readSequence(DerInputStream.java:126)
> 	at org.apache.harmony.security.asn1.ASN1Sequence.decode(ASN1Sequence.java:49)
> 	at org.apache.harmony.security.asn1.ASN1Type.decode(ASN1Type.java:17)
> 	at org.apache.harmony.jndi.provider.ldap.LdapMessage.decode(LdapMessage.java:27)
> 	at test.LdapTest.main(LdapTest.java:60)
> I found their are 2 problems resides in ASN.1 framework
> 1.  Incorrectly resize buffer
> <BerInputStream.java>
> 137         if (buffer.length < length) {
> 138                byte[] newBuffer = new byte[length];
> </BerInputStream.java>
> And they should be modified into 
> if (buffer.length < (length + offset)) {
>                 byte[] newBuffer = new byte[length + offset];
> 2. In method readContent, the if statement:
>             if (in.read(buffer, offset, length) != length) {
>                 throw new ASN1Exception(Messages.getString("security.13C")); //$NON-NLS-1$
>             }
>             offset += length;
> is not enough to guarantee all the bytes are read into buffer. This can be fixed using
a while loop:
>             int numread = 0, oldoffset = offset;
>             while ((numread = in.read(buffer, offset, length)) > 0) {
>                 offset += numread;
>                 length -= numread;
>                 if(length == 0) {
>                     break;
>                 }
>             }
>             length = offset - oldoffset;
> It's hard to write a standalone test case, due to the large number of buffer size. Writing
a scenario test would be simpler. I will provide a scenario test and the fix soon.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message